rPA 3.1.3 is a maintenance release.

• Fixed a bug in readSchedule, which could cause the UpdateTroves plugin to become unusable if the schedule for automatic update checks was changed or disabled. (RAA-900)
• If allow_json is unspecified on a function without a template, the log message noting this now only appears in the DEBUG loglevel. (RAA-1555)
• The logged in user's name in the upper right corner of the page now links to the Change Password plugin rather than User Management, as User Management could be disabled or inaccessible to the user (RAA-1602)
• Pressing F12 in the Reboot and Shutdown confirmation screens in rapa-console no longer confirms the action. (RAA-1624)
• When the backup archive creation process fails, more specific errors are now sent back to the user. (RAA-1708)
• Calls to XML-RPC functions will now advance the Wizard when appropriate. (RAA-1710)
• getBackupMetadata now unmounts the backup location before returning. (RAA-1711)
• Network locations are no longer bind mounted when a mount already exists. Among other benefits, this prevents the backup plugin from improperly validating incorrect user credentials for a backup location (RAA-1712)
• raadb is no longer created as world-readable. (RAA-1714)
• rapa-console no longer raises errors when network interfaces are not yet configured. (RAA-1715)
• When a DatabaseLocked error occurs, the "lock journal" is now logged, showing a stack trace to the point where the lock is being held. (RAA-1717)
• Fixed a bug which could cause backups to fail if a temporary file was removed after being added to the backup file list. (RAA-1718)
• Several possible exceptions in plugins which use "callBackend" are now handled more gracefully. (RAA-1719)
• Fixed a bug which could cause the raa-service to die due to an unhandled exception in the listener thread. (RAA-1721)
• The backup encryption feature relies on PyCrypto which may provide a faulty SHA-256 implementation; this feature now uses a module provided by Conary which consistently matches the previous behavior even on platforms with a correct SHA-256 implementation. (RAA-1723)

• A new authorization predicate called LocalhostOK has been added, which allows a process on localhost to make a call without authenticating, while still requiring authenticate for remote calls (RAA-1701)